AllotBoxAllotBox Collect

Privacy Policy

Last updated: May 2026

1. Information We Collect

When you use AllotBox Collect, we collect the following information:

  • Account information: Your name, email address, and profile picture from your Google account when you sign in via Google OAuth.
  • Circle data: Circle name, due type, due amount, UPI ID, and UPI name that you provide during onboarding and settings.
  • Member data: Member keys, names, descriptions, occupancy status, and identity information (phone numbers, UPI IDs, etc.) that you add.
  • Payment data: Payment amounts, dates, modes, UTR numbers, and status information that you record or that is auto-extracted from UPI screenshots.
  • UPI screenshots: Images forwarded to the Telegram bot are processed to extract payment details. Screenshots are processed and not stored permanently.
  • Usage data: Basic analytics including pages visited, features used, and session duration.

2. How We Use Your Information

  • To provide and maintain the AllotBox Collect service
  • To authenticate your identity via Google OAuth
  • To process and record payments from UPI screenshots
  • To generate payment reports and dashboards
  • To send service-related notifications
  • To improve our service and user experience

3. Data Storage & Security

Your data is stored securely using Supabase, which provides enterprise-grade security with encryption at rest and in transit. We use Google OAuth for authentication, ensuring we never store your password. Access to your data is restricted to you and authorized AllotBox personnel for support purposes only.

4. Third-Party Services

We use the following third-party services:

  • Google OAuth: For authentication
  • Supabase: For database and authentication infrastructure
  • Telegram Bot API: For receiving and processing UPI screenshots

Each of these services has their own privacy policy governing their use of your data.

5. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share data only in the following circumstances:

  • With your explicit consent
  • To comply with legal obligations or court orders
  • To protect our rights, privacy, safety, or property

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, all associated data (circle, members, payments) will be permanently deleted within 30 days. UPI screenshots are processed in real-time and are not stored after payment extraction.

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data (via CSV downloads)
  • Withdraw consent at any time by deleting your account

8. Contact Us

If you have any questions about this Privacy Policy, please contact us at support@allotbox.com.